Trust Assessment
clawdbot-security received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 6 critical, 1 high, 2 medium, and 1 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Node lockfile missing.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings11
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/lxgicstudios/clawdbot-security/cli.js:212 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/lxgicstudios/clawdbot-security/cli.js:237 | |
| CRITICAL | Arbitrary command execution Node.js synchronous shell execution Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/lxgicstudios/clawdbot-security/cli.js:249 | |
| CRITICAL | Command Injection via 'port' variable in network scan The `exec` call on line 200 constructs a shell command using the `port` variable, which is read from the `clawdbot.json` configuration file. If a malicious actor can modify `clawdbot.json` to include shell metacharacters (e.g., `port: "18789; rm -rf /"`), these characters will be executed as part of the `nc` command. The template literal does not automatically escape or quote the variable, making it vulnerable to injection. Sanitize or validate the `port` variable to ensure it contains only numeric characters before using it in a shell command. Alternatively, use a library or method that executes commands with arguments as an array (e.g., `child_process.spawn` with arguments array) to prevent shell interpretation. | LLM | cli.js:200 | |
| CRITICAL | Command Injection via SHODAN_API_KEY environment variable The `execSync` call on line 232 concatenates the `shodanApiKey` variable directly into a shell command. `shodanApiKey` is read from the `SHODAN_API_KEY` environment variable. If this environment variable contains shell metacharacters (e.g., `MY_KEY; evil_command`), these will be executed, leading to a command injection vulnerability. Avoid concatenating user-controlled input directly into shell commands. If `shodan init` supports it, pass the API key as a separate argument or use a method that prevents shell interpretation of the argument. If not, strictly validate the environment variable content for allowed characters. | LLM | cli.js:232 | |
| CRITICAL | Command Injection via 'port' variable in Shodan search The `execSync` call on line 240 constructs a shell command using the `port` variable, which is read from the `clawdbot.json` configuration file. Similar to the `nc` command, if `port` contains shell metacharacters (e.g., `port: "18789" --evil-arg`), these will be executed as part of the `shodan search` command, leading to a command injection vulnerability. Sanitize or validate the `port` variable to ensure it contains only numeric characters before using it in a shell command. Alternatively, use a library or method that executes commands with arguments as an array to prevent shell interpretation. | LLM | cli.js:240 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/lxgicstudios/clawdbot-security/cli.js:4 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/lxgicstudios/clawdbot-security/cli.js:26 | |
| MEDIUM | Unlisted dependency: shodan-cli The `cli.js` script explicitly checks for and uses `shodan-cli` (e.g., `npm view shodan-cli version`, `shodan init`, `shodan search`). However, `shodan-cli` is not listed as a dependency in the `package.json` file. This creates a supply chain risk as the skill relies on an unmanaged external tool. Its presence and version are not guaranteed, and a malicious version could be installed globally or resolved by `npx` if not explicitly managed. If `shodan-cli` is an npm package, add it as a `dependency` in `package.json` and pin its version. If it's expected to be a system-wide executable, add a clear check and error message if it's not found, and consider providing installation instructions. | LLM | package.json:1 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/lxgicstudios/clawdbot-security/package.json | |
| INFO | External IP address lookup for deep scan The `checkExternalAccessibility` function makes an HTTP request to `https://api.ipify.org` to determine the public IP address of the host. While this is an intended feature for the 'deep scan' functionality, it involves sending a request to an external service, which could potentially log the host's IP address. This is disclosed functionality but noted for awareness. No direct remediation needed as this is an intended feature. Ensure users are aware that the 'deep scan' involves external network requests. | LLM | cli.js:186 |
Scan History
Embed Code
[](https://skillshield.io/report/fe6260567ccd1727)
Powered by SkillShield